# Windows Event Collector Sysmon Installation

System Monitor (Sysmon) is a Windows system service and device driver that remains resident across system reboots to monitor and log system activity to the Windows Event Log. It provides detailed information about process creations, network connections, and changes to file creation time. Sysmon is a free [Windows Sysinternals](https://technet.microsoft.com/en-us/sysinternals/dn798348) tool from Microsoft.
Installation of Sysmon is optional, but highly recommended.

**To install Sysmon**

1. Download the [Sysmon ZIP](https://download.sysinternals.com/files/Sysmon.zip) file and unzip it on the target system.

2. Download [the Sysmon configuration file](https://cybersecurity.att.com/documentation/resources/downloads/sysmon_config_schema4_0.xml) to a folder and name the file **sysmon\_config.xml**.

3. Install Sysmon on the Windows system by running the following command:

   ```
   sysmon.exe -accepteula -h md5 -n -l -i sysmon_config.xml
   ```

   Sysmon starts logging the information to the Windows Event Log.

4. Open USM Anywhere and verify that you are receiving Sysmon events.
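
Before checking USM Anywhere in step 4, it helps to confirm locally that Sysmon is installed and writing events, so that a missing feed can be traced to collection rather than to Sysmon itself. The following PowerShell is an added example, not part of the original documentation; it assumes an elevated session started in the folder where the ZIP was extracted and the service name `Sysmon` that `sysmon.exe` registers.

```powershell
# Added example: local post-install checks for the procedure above.
# Assumptions: elevated PowerShell, current folder contains the extracted Sysmon.exe.
$ErrorActionPreference = 'Stop'
$sysmonExe = Join-Path (Get-Location) 'Sysmon.exe'
$logName   = 'Microsoft-Windows-Sysmon/Operational'

# 1. The downloaded binary should carry a valid Authenticode signature from Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $sysmonExe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Unexpected signature on ${sysmonExe}: $($sig.Status)"
}

# 2. The service installed by "sysmon.exe -i" should be running.
$svc = Get-Service -Name 'Sysmon'
if ($svc.Status -ne 'Running') { throw "Sysmon service state: $($svc.Status)" }

# 3. The Sysmon event channel should exist and be enabled.
$log = Get-WinEvent -ListLog $logName
if (-not $log.IsEnabled) { throw "$logName is disabled" }
"Channel enabled, $($log.RecordCount) records, max size $($log.MaximumSizeInBytes) bytes"

# 4. Count recent events for the types the install command turns on.
#    Get-WinEvent reports an error when nothing matches, so suppress it and treat as zero.
$recent = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    StartTime = (Get-Date).AddMinutes(-15)
} -ErrorAction SilentlyContinue

$expected = @(
    @{ Id = 1; Name = 'Process creation' },
    @{ Id = 3; Name = 'Network connection (-n)' },
    @{ Id = 7; Name = 'Image loaded (-l)' }
)
foreach ($e in $expected) {
    [pscustomobject]@{
        EventId   = $e.Id
        Type      = $e.Name
        Last15Min = @($recent | Where-Object { $_.Id -eq $e.Id }).Count
    }
}
# A zero count is not necessarily a fault: the filters in sysmon_config.xml
# decide which events of each type are actually logged.
```

If all four checks pass locally but no Sysmon events appear in USM Anywhere, the problem lies in event collection or forwarding rather than in the Sysmon installation.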
